aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax <msuraev@sysmocom.de>2017-06-13 10:15:58 +0200
committerMax <msuraev@sysmocom.de>2017-06-22 10:50:30 +0000
commit5a44d25ad343d6426295480f6a0a5d6dc21350cf (patch)
tree69c5c8cfb1d64eb10f9112bc1e617ad99f10d3ec
parent2f8b9d25f8428980e35ed8f8b2dc44324bc4566a (diff)
Fix BTS features length check
While fixing potentially incorrect memory access, the check for maximum number of supported BTS features was incorrectly adjusted instead of feature vectore length check next to it. Fix this by adjusting checks properly and adding comments to avoid future confusion. The error was introduced in a60bb3dd28ce9e3720f8ee1b262893f3e233e2e6. Change-Id: I06d2498d730624d5da535f6add6fa98d004714ae
-rw-r--r--openbsc/src/libbsc/abis_nm.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/openbsc/src/libbsc/abis_nm.c b/openbsc/src/libbsc/abis_nm.c
index 17156888..019d0395 100644
--- a/openbsc/src/libbsc/abis_nm.c
+++ b/openbsc/src/libbsc/abis_nm.c
@@ -484,13 +484,13 @@ static inline uint8_t *parse_attr_resp_info_manuf_id(struct gsm_bts *bts, uint8_
if (TLVP_PRES_LEN(&tp, NM_ATT_MANUF_ID, 2)) {
m_id_len = TLVP_LEN(&tp, NM_ATT_MANUF_ID);
- if (m_id_len > MAX_BTS_FEATURES/8 + 1) {
+ /* log potential BTS feature vector overflow */
+ if (m_id_len > sizeof(bts->_features_data))
LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: feature vector is truncated to %u bytes\n",
bts->nr, MAX_BTS_FEATURES/8);
- m_id_len = MAX_BTS_FEATURES/8;
- }
- if (m_id_len > sizeof(bts->_features_data))
+ /* check that max. expected BTS attribute is above given feature vector length */
+ if (m_id_len > OSMO_BYTES_FOR_BITS(_NUM_BTS_FEAT))
LOGP(DNM, LOGL_NOTICE, "BTS%u Get Attributes Response: reported unexpectedly long (%u bytes) "
"feature vector - most likely it was compiled against newer BSC headers. "
"Consider upgrading your BSC to later version.\n",